On Fri, May 04, 2007 at 10:34:33AM -0400, John Fiore wrote:
| > Speaking of this, when will the OpenBSD project begin to post SHA256
| > hashes
| > to the ftp sites. MD5 is dead: these two files are different and yet
| > have the same
| > MD5 hash.
| > http://www.cits.rub.de/imperia/md/content/magnus/letter_of_rec.ps
| > http://www.cits.rub.de/imperia/md/content/magnus/order.ps
|
|
| Great. Could you please show me the link to files that have the same
length
| and MD5 as those in the 4.1 release?
Dont forget that they should also be valid gzip'ed tar archives, and
(to properly use as an attack vector) extract to just about the same
set of files (with your trojaned binaries) as the originals.
Good luck !
Paul 'WEiRD' de Weerd
--
>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
+++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
http://www.weirdnet.nl/
[demime 1.01d removed an attachment of type application/pgp-signature]
